Privacy PolicyTerms of ServiceCookie Policy

Cookie Policy

Last updated: May 6, 2026

This Cookie Policy describes how Core Day Off uses cookies and similar browser-storage technologies (collectively, "cookies"). For broader information on what we collect, see our Privacy Policy.

1. What cookies are

Cookies are small pieces of data stored by your browser. Core Day Off also uses two related browser-storage technologies: localStorage (for user-preference settings) and the Push API (for desktop notifications, when you opt in).

2. Cookies and storage we use

Strictly necessary

These are required for Core Day Off to work — they cannot be disabled without breaking core functionality.

  • Session cookie (laravel_session): keeps you logged in while you use the app
  • CSRF cookie (XSRF-TOKEN): protects forms and state-changing requests against cross-site request forgery
  • Sidebar state: a small cookie remembering whether your navigation sidebar is collapsed or expanded

Functional (localStorage)

Stored locally in your browser; never sent to our servers. Used to remember your preferences across visits:

  • Theme: light, dark, or system
  • Calendar mode: which calendar tab you last used (Day / Week / Month / Team)
  • Day Offs view: list or calendar
  • Push opt-in dismissal: remembers when you dismissed the "Allow desktop notifications?" banner

Push notifications (opt-in)

If you allow desktop notifications, your browser issues a push subscription endpoint that we store on our servers so we can deliver notifications. You can revoke this at any time in your browser settings or in your Core Day Off notification preferences.

Cookies and storage we do not use

  • No third-party advertising or marketing cookies
  • No cross-site tracking
  • No analytics or session-replay tools at this time

3. Managing cookies

You can clear, block, or delete cookies in your browser settings. Blocking strictly necessary cookies will prevent Core Day Off from functioning. Functional preferences stored in localStorage can be cleared via your browser's site-data tools — you'll just lose your saved preferences and need to set them again.

4. Third-party services

Public-holiday data is fetched from Nager.Date on the server side; no cookies are set in your browser by that service. Future integrations (analytics, support chat, payments) may introduce additional cookies — if so, this policy will be updated and a consent banner shown where required by law.

5. Changes

We will update this Cookie Policy whenever our cookie use changes. The "Last updated" date at the top of this page reflects the current version.

6. Contact

Cookie questions: [email protected]

Questions? Contact [email protected].